OBJECTIVE
Please note: I am not currently seeking other employment opportunities
I am seeking a technical, full-time position that will effectively utilize my education, training, and experience in the field of information security and leverage my engineering mindset. I have focused my career on intrusion detection, vulnerability assessment, and security incident analysis, and am keen on positions that permit me to do information security-related research and analysis.
EDUCATION
Master of Science in Computer Science with Information Assurance Focus
Currently Enrolled, The George Washington University, Cumulative GPA: 3.8
Bachelor of Science in Computer Engineering
The University of Dayton, May 2001, Cumulative GPA: 3.1
GIAC Certified Intrusion Analyst (GCIA Gold Certification), January 2003
GIAC Reverse Engineering Malware (GREM Certificate), October 2006
GIAC Certified Forensic Analyst (GCFA Gold Certification), November 2006
WORK EXPERIENCE
Undisclosed US DoD Contractor, Gaithersburg, MD - Member Technical Staff, CIRT Intel - 10/05 - Present
- Guide development of enterprise sensor grid to detect intrusions and data exfiltration
- Assist in deployment of and act as SME for corporate deployment of Sourcefire IDSs
- Lead deployment of and act as SME for 30TB enterprise SIM infrastructure (Arcsight)
- Design, deploy, and guide development on Linux-based custom detection platform
- Partner with researchers in the academic community to identify and leverage emerging detection technologies
- Leverage existing and develop new tools to
- Lead and support incident response efforts
- Lead and support digital forensic investigations
- Support malware and custom command-and-control reverse engineering efforts
- Lead and support emerging vulnerability research
- Research security aspects of technologies to provide technically-based guidance to enterprise
- Leverage intelligence on adversaries collected from internal investigations and partnerships with the defense industrial base, intel community, and defense department
- Perform all phases of security incident response, senior member of corporate CIRT
Open System Sciences, Newington, VA - Information Security Analyst - 12/03 - 10/05
Received personal Letter of Commendation from USAID CTO
- Responsibilities on contract to US Agency for International Development
- Primary Intrusion Detection analyst: Tune, leverage Cisco SecureIDS, ISS Server Sensor HIDS, and netForensics SIM to identify and resolve security incidents.
- Identify security-related issues and provide technical information for remediation.
- Support client in ad-hoc security work and research as necessary.
- Accomplishments on contract to US Agency for International Development
- Assist in deployment of enterprise-wide vulnerability assessment program, from product evaluations to deployment of nCircle's IP360. Create manual and automated processes to further enhance the solution.
- Assist in global deployment and management of 92 Cisco SecureIDS sensors. Document procedures enabling easy implementation at remote sites. Tune all IDSs as implemented.
- Lead deployment of Skybox Enterprise Risk Management Tool
- Lead project to evaluate, select, pilot, deploy, and tune ISS RealSecure host agents to critical assets.
- Perform IDS installations and security training at offices in Cairo, Tel Aviv, Jerusalem, New Delhi
- Author Agency-wide guidelines on incident response.
- Act as backup for netForensics SIM system and Linux systems used by the security group.
Attendance of netForensics technical training
nCircle IP360 Vulnerability Assessment program featured in 03/30/2005 installment of SANS "What Works"
Fifth Third Bank, Cincinnati, OH - Information Security Analyst - 06/01 - 12/03
Attendance of SANS conferences: Track 3 (Intrusion Detection), War on Internet Worms
- Responsibilities
- Primary Intrusion Detection analyst: Leverage ISS RealSecure and Snort to detect intrusion attempts. Follow up and perform forensic analysis on intrusion attempts.
- Vulnerability and penetration testing with nmap, Nessus, ISS Internet Scanner, and custom tools/scripts.
- Address security-related issues affecting Windows workstations and servers, as well as AIX servers
- Research new malware/virus threats, determine exposure, and take risk mitigation steps; analysis of unknown malware/virus variants.
- Assist in enterprise-wide policy creation and ongoing Federal & State audits affecting 400 servers, 18,000 workstations, 100 IDS sensors, 16 firewalls, and networking equipment.
- Lead and assist in forensic investigations involving computing resources.
- Accomplishments
- Plan, deploy, and maintain ISS RealSecure IDS to monitor systems enterprise-wide.
- Plan, deploy, and maintain scalable Snort IDS solution for the enterprise.
- Plan and deploy enterprise-wide log consolidation software for central monitoring and reporting.
- Plan and deploy ePolicy Orchestrator for Virus/Malware exposure analysis, protection, & reporting.
- Develop and implement methods to prevent unauthorized hardware from accessing network resources.
- Develop and implement a process for quickly deploying, updating, and reporting on antivirus definitions.
- Develop process for bitwise duplication of hard disk drives for forensic purposes.
- Assist in development of corporate incident handling policies and procedures documents for a Fortune 500 Company.
Attendance of Microsoft training: Windows 2000 and Active Directory for NT Administrators
University of Dayton Research Institute (UDRI), Dayton, OH - Computer Engineer co-op, MLLN Materials Directorate - 01/00 - 05/01
- Design, write, and support application for reduction of data files from Acoustic Emission strength tests (C++)
- Automate analysis of data collected on Titanium Metal Matrix Composites
- Take part in organization of data for presentation to clients
- Work in conjunction with USAF engineers on various projects
DLP Technologies, Inc., Cincinnati, OH - Network Support Engineer, Part-time - 1997 - 1999
Attendance of SCO Administration I course and telecomm/computer industry conferences
- Internet Solutions Consultation & Sales
- Onsite server, workstation, and LAN setup, configuration, and troubleshooting
- SCO UNIX, LINUX, Windows NT 4.0 & 3.51, Citrix WinFrame server setup and administration
- Administration on internal SCO UNIX servers providing WAN connectivity
- Configuration and troubleshooting with Ascend & Cisco ISDN, FR, and dial-up routers
- Mid- to upper-level technical support for system administrators
- Programming for server maintenance in BASH, PERL, and C
PRESENTATIONS & ACADEMIC PAPERS
SKILLS
ISS RealSecure - Cisco SecureIDS - Snort IDS - SCO UNIX, LINUX, AIX, Windows NT/2000/Active Directory administration - Analysis and risk assessment of malware - Vulnerability assessments and analysis - Nessus - nCircle IP360 - Firewall configuration - Strong scripting skills (bash, awk, sed) - Network/System forensics - C, C++, Java, Bash/sed/awk, XML programming
ACTIVITIES
Semi-professional trombonist - Amateur bassist - InfoSec Blogger (http://blog.cloppert.org) - Avid traveler